From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C47EAA0C47; Tue, 12 Oct 2021 17:36:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5611641174; Tue, 12 Oct 2021 17:36:01 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mails.dpdk.org (Postfix) with ESMTP id 6288341149 for ; Tue, 12 Oct 2021 17:36:00 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10135"; a="288059162" X-IronPort-AV: E=Sophos;i="5.85,368,1624345200"; d="scan'208";a="288059162" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Oct 2021 08:35:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,368,1624345200"; d="scan'208";a="526589542" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga008.fm.intel.com with ESMTP; 12 Oct 2021 08:35:57 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Tue, 12 Oct 2021 08:35:57 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Tue, 12 Oct 2021 08:35:56 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Tue, 12 Oct 2021 08:35:56 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.170) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Tue, 12 Oct 2021 08:35:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D1M9AFhyikv0Jgp48aTswzV7OsU2zloEj9dz2qMq7zwH8hGURtzpwFjTJbHVBQGK0iZsM6xX9EJyvLMY2KevCs839f3SueLmkciN2Atl9HYqPkdp1ZE271RoBQ/K2I99i3VNs9d1thLPlbw7V+Uh9kssulj1m3D7SFqBnSC8hwacFC5X2DSf4+KkLkMQkHPukfvju2vuIzMkz9mRNL9BkHQL2i7RoahTjmEoTwBOP+00S1KfXdcP5HcSsuV8AKMDf3X41wY4XPVoaxAPLaZPzJXdGLsoqtYMOJ/xm1+AMMMgP0lfztBKJ6yHC6AbiZHpi12wYZ7nUb2GVKLg63THLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eUqOi9UTZpEzQFFpqaVPkH/cUwAH48lqysSf4XJ4yqs=; b=Q+xQQO4Mt43k+TROaVnteWJqw6ufwG5VGLFRhKIU6wkvsYtf1sHsROeh30zYW6wu811vSzmNQL25nxdPFzEfuXiwbrfcUCUQGCeTRFI5F+7NbNn0j2lOl56yNMAeJeOOhconGc0ciMyTuLIQ+zOs+3Gsxk1qk8tvO6XQsUjTMSVPiDHfRqN7cB2fyBjS1Z2SnGL2JLKAljO35yKoGtyQroP6F/gE/cl74QUUJuEYcKvyVvJaROvGesDK14UYCMZPyKoRHFqA3tYMJLkbz50/qguBFpqok0LllnVwpwJIADKE1UxQdH5iYwWKONj0Vh4RclVNNbvCg8Q5h5G7RFxAcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eUqOi9UTZpEzQFFpqaVPkH/cUwAH48lqysSf4XJ4yqs=; b=iQQMi1fQAtzs2O2eA0Oy03csXstGZZJ++FhSqU5JgKr3qIhDXZNh0eIuxr2NTGsiLzITMhtpbbhd9cTy9A3DqnVw4E+K7khH4OxuXH1c1c0fFVlquB8EaA0e9h4vGESqrcdIZ6Ksa/qsA6x4MEhddg1AdlgzemQf0vHejzj6fmM= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM5PR11MB1625.namprd11.prod.outlook.com (2603:10b6:4:b::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.25; Tue, 12 Oct 2021 15:35:54 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::740e:126e:c785:c8fd]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::740e:126e:c785:c8fd%4]) with mapi id 15.20.4587.026; Tue, 12 Oct 2021 15:35:54 +0000 From: "Ananyev, Konstantin" To: "Nicolau, Radu" , "Iremonger, Bernard" , "Medvedkin, Vladimir" CC: "dev@dpdk.org" , "mdr@ashroe.eu" , "Richardson, Bruce" , "Zhang, Roy Fan" , "hemant.agrawal@nxp.com" , "gakhil@marvell.com" , "anoobj@marvell.com" , "Doherty, Declan" , "Sinha, Abhijit" , "Buckley, Daniel M" , "marchana@marvell.com" , "ktejasree@marvell.com" , "matan@nvidia.com" Thread-Topic: [PATCH v8 08/10] ipsec: add support for initial SQN value Thread-Index: AQHXvpT9b1a7H6LUfk6nfCpFl+MapqvPgAlw Date: Tue, 12 Oct 2021 15:35:54 +0000 Message-ID: References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20211011112945.2876-1-radu.nicolau@intel.com> <20211011112945.2876-9-radu.nicolau@intel.com> In-Reply-To: <20211011112945.2876-9-radu.nicolau@intel.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4feaf59d-5ff7-419a-847f-08d98d95faa8 x-ms-traffictypediagnostic: DM5PR11MB1625: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: fX7j6pw2KDbBSV+EXqullLbEhVjhsYl/uq9ExryAEuqLs5MWizhbI47aSTnJZoWca10PbZfLe5CsAmnDI1ageQ5XDATwHNIjE84gIPUvuBe1WY7WGBMUW178FmrG/PTdFes+PltALu93FJT1IrnVBxpAis2xJnj1cse0oOqkMt51nOebGuG17PjGbS6ECGLeMJbCdVwyA1R+1VXYx693uuRTjL+l02/G5EwS27c8urdvAi+YGCsGP5uG44IpDvOG5EHSc/GuTH6Ivx+s0xD4Mf+0RXSvRWgwZ4TEFIa58dcAhwqGt8Qod4jL7oVi6wJdmPY5oRzFmRXXMrsTMjq/umHJ1kohev3VsdDNkCfOrHMACGgZV7Lj/kIQl8KosFve2c4j4ByQusSgSp/5trD7oNeoI32NjGtTShPoMWwYyTLRADuWwOfQHa1kdVRgKQO2Vu5vu/KvynLUUGbKxAwyLQMHdew8JQUywy8vbzvFcRt+i+ZQaz3QVn7Df+ISzhxfaGYN0FPzQDsiWUg/e0TO6P9tj1WgKpyXuLC6f0NDfKnDaaCpHDW5Te73KVZr2DqYgOnUwvSnEx3nZK1EpViFUIxmBoVxX1yIG+BH8lSTO+OmUyziCOiDbpiYStTDg/5oiJ9xhX2ggCIWuUMtnA2vey7Wd7tDsD/XxVSC4y6gO6uhqDAl3B3k8xXeu6XR0VPz1+9Fj/qvWrtjh7jBQ/xufA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(8676002)(316002)(71200400001)(508600001)(2906002)(66476007)(66556008)(66446008)(66946007)(64756008)(76116006)(83380400001)(86362001)(5660300002)(33656002)(52536014)(9686003)(38100700002)(7696005)(186003)(26005)(122000001)(55016002)(8936002)(38070700005)(6506007)(6636002)(55236004)(4326008)(110136005)(54906003); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?VIrw5uFeZgKtWE5W4eHtkxWrlLgXLyivqrS4VeiGUikR8K0ZSzvnd7y1VM1s?= =?us-ascii?Q?6F9hiUpSZd2pwjMJIMa1M6hHMQe6dOY0lNm2OyVSGNwsSlWy8WdIbjVG2WNI?= =?us-ascii?Q?VZDIswgwol9n0Q3VlM0KLtMwNw+0fZ6pGJTLqiSHRyy6CE5U0wPfh5uN2aA0?= =?us-ascii?Q?pH/dvdeahj1JiB3H+qdzE6ZFDxOuH+ykxHwxEwmwabb7uvlOfVOFY/8XY17T?= =?us-ascii?Q?9vOgYb+dKqchlHEdhi5tn01XHobiSKulgIfkDRxleN+W2v41xL10rpGCvgyn?= =?us-ascii?Q?6yvv6uq+D/I7BQZUezCUApI/17fgG9AfZ7WVE1/P/NJGk9WUWYxpOR2IGlbl?= =?us-ascii?Q?b6kkHpy4MkYODXU9XmddtMDUtMvoWeUGOn1x18DEd1Ii7FN+I/YFIZg+Wx1b?= =?us-ascii?Q?sVm9PncgUVcelgGbs2SMRrnIg+kT/IFnZdI8kr6Tg9gr7E9AoCpC2AhETLsg?= =?us-ascii?Q?i4VTR7Wl9onDsP+ge7VIKiQoCwC+kMuyojizdpkqrDsCWm0ODnIepFja01tZ?= =?us-ascii?Q?0AqE8A1cGttMnVLvlCgX7xdEqNBq3V+rCOyVAKbLjBPz7PHgY7JvlZDGJX3W?= =?us-ascii?Q?3IY5UG3ympscIHlbM4W3wSZ2+XlYvAKNfQKK3Zs7seefFH5Xp8BGAQqkbc9K?= =?us-ascii?Q?PuPvKT2PRD4Zx3PyaWVnM7jULgRBdP20O0N9S9XO93OERgrIpc8XBUsIlEmZ?= =?us-ascii?Q?EJJG1kmcjsrAno36YhN5F/IyFzM76ASOYBlq8d34kY4EVRNu0DrsmehcNwTk?= =?us-ascii?Q?BaDCk/vanksf3dU/0wHXED+oGgs1Cnp5Lg5kd1XG32ncE1AXfftxS7c2OJi3?= =?us-ascii?Q?JZF30rqe4MMUkLwhu21yhwxRR2wx12L8hZ5ZwVUcHUBbYqy8i8e9s7lmmE+D?= =?us-ascii?Q?dKhVQmvEv1Qg27zvCUibIzjEswc2kGbOsWQaMD4rPDS26auUJRSWle30rEBl?= =?us-ascii?Q?BhqfCJ7PDSnzIqcXVK32cfNxLs9DEzzXYyWDuZ2FI/ItKTl5dUT8I0KMHpV0?= =?us-ascii?Q?5S6lWRO9rNFJAspD/nSVYtzDilf1yEif6oI/wZQe0Rmz7HIDMUaXNnGXh5ej?= =?us-ascii?Q?cvG0rHIrQ7iQT0gPX6gkVjiUBBonpPXLdLaADg3tAdKcVgnI1kBOq30Lvjwv?= =?us-ascii?Q?GVpYgEnUWbqjczt2g+Zh29gWT32fE7tObSM/Fpf68sHXd7GhqCivuFgHTAGE?= =?us-ascii?Q?DB80bw2nlGk+HCd8DTp69mE+04mAmQKAvy7jlxCf16fFW8U1PncOrLE4Fisl?= =?us-ascii?Q?be6S5ebNx0nTid9VHtQfhkRKfPUuw8qIfm2w3C8HNiHusDMl4U/nFeu4Uahd?= =?us-ascii?Q?9ymuNuNPuvcHY1Zsc+ip9PdO?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4feaf59d-5ff7-419a-847f-08d98d95faa8 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2021 15:35:54.3118 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: YYidKDw5C+HBGgiYDuEcvUaL0f3ih4EEM+uUSZdHSWbeP+pP9Oco9QUysaH1KkDnjr3ZZrZqEmRU0ytrjAzVroFQTlYBCvjE47XyKjy2fw8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1625 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH v8 08/10] ipsec: add support for initial SQN value X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Update IPsec library to support initial SQN value. >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley > Acked-by: Fan Zhang > --- > doc/guides/rel_notes/release_21_11.rst | 1 + > lib/ipsec/sa.c | 25 ++++++++++++++++++------- > 2 files changed, 19 insertions(+), 7 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_note= s/release_21_11.rst > index f0bc4438a4..0686679677 100644 > --- a/doc/guides/rel_notes/release_21_11.rst > +++ b/doc/guides/rel_notes/release_21_11.rst > @@ -140,6 +140,7 @@ New Features > * Added support for NAT-T / UDP encapsulated ESP > * Added support TSO offload support; only supported for inline crypto = mode. > * Added support for SA telemetry. > + * Added support for setting a non default starting ESN value. >=20 >=20 > Removed Items > diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c > index 44dcc524ee..85e06069de 100644 > --- a/lib/ipsec/sa.c > +++ b/lib/ipsec/sa.c > @@ -294,11 +294,11 @@ esp_inb_tun_init(struct rte_ipsec_sa *sa, const str= uct rte_ipsec_sa_prm *prm) > * Init ESP outbound specific things. > */ > static void > -esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen) > +esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen, uint64_t sqn) > { > uint8_t algo_type; >=20 > - sa->sqn.outb =3D 1; > + sa->sqn.outb =3D sqn > 1 ? sqn : 1; >=20 > algo_type =3D sa->algo_type; >=20 > @@ -376,7 +376,7 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const stru= ct rte_ipsec_sa_prm *prm) > sa->tx_offload.val =3D rte_mbuf_tx_offload(sa->hdr_l3_off, > sa->hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0); >=20 > - esp_outb_init(sa, sa->hdr_len); > + esp_outb_init(sa, sa->hdr_len, prm->ipsec_xform.esn.value); > } >=20 > /* > @@ -502,7 +502,7 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte= _ipsec_sa_prm *prm, > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS | > RTE_IPSEC_SATP_NATT_ENABLE): > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS): > - esp_outb_init(sa, 0); > + esp_outb_init(sa, 0, prm->ipsec_xform.esn.value); > break; > } >=20 > @@ -513,15 +513,19 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct r= te_ipsec_sa_prm *prm, > * helper function, init SA replay structure. > */ > static void > -fill_sa_replay(struct rte_ipsec_sa *sa, uint32_t wnd_sz, uint32_t nb_buc= ket) > +fill_sa_replay(struct rte_ipsec_sa *sa, uint32_t wnd_sz, uint32_t nb_buc= ket, > + uint64_t sqn) > { > sa->replay.win_sz =3D wnd_sz; > sa->replay.nb_bucket =3D nb_bucket; > sa->replay.bucket_index_mask =3D nb_bucket - 1; > sa->sqn.inb.rsn[0] =3D (struct replay_sqn *)(sa + 1); > - if ((sa->type & RTE_IPSEC_SATP_SQN_MASK) =3D=3D RTE_IPSEC_SATP_SQN_ATOM= ) > + sa->sqn.inb.rsn[0]->sqn =3D sqn; > + if ((sa->type & RTE_IPSEC_SATP_SQN_MASK) =3D=3D RTE_IPSEC_SATP_SQN_ATOM= ) { > sa->sqn.inb.rsn[1] =3D (struct replay_sqn *) > ((uintptr_t)sa->sqn.inb.rsn[0] + rsn_size(nb_bucket)); > + sa->sqn.inb.rsn[1]->sqn =3D sqn; > + } > } >=20 > int > @@ -591,13 +595,20 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const st= ruct rte_ipsec_sa_prm *prm, > sa->sqn_mask =3D (prm->ipsec_xform.options.esn =3D=3D 0) ? > UINT32_MAX : UINT64_MAX; >=20 > + /* if we are starting from a non-zero sn value */ > + if (prm->ipsec_xform.esn.value > 0) { > + if (prm->ipsec_xform.direction =3D=3D > + RTE_SECURITY_IPSEC_SA_DIR_EGRESS) > + sa->sqn.outb =3D prm->ipsec_xform.esn.value; > + } > + I think I already asked this question for previous version, but don't remember what was the answer, so I'll ask again: You do set sa->sqn.outb inside esp_outb_init(). Which will be invoked by esp_sa_init() below. Why do you need to duplicate it here?=20 > rc =3D esp_sa_init(sa, prm, &cxf); > if (rc !=3D 0) > rte_ipsec_sa_fini(sa); >=20 > /* fill replay window related fields */ > if (nb !=3D 0) > - fill_sa_replay(sa, wsz, nb); > + fill_sa_replay(sa, wsz, nb, prm->ipsec_xform.esn.value); >=20 > return sz; > } > -- > 2.25.1